News from The Information Commissioner’s Office (ICO)

An insurance service agrees to a consensual audit of its data protection practices by the ICO and fine imposed on home improvements company for cold calling historic customers following complaints.

The ICO has released it’s statement regarding an agreement reached between the entity now known as Somerset Bridge Insurance Services Limited and itself- The Information Commissioner, following investigations since 2019 looking into a breach of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Following restructuring the service has conducted its own review of the state of data protection compliance, leading to altering and introducing various practices and policies, mainly with a view to the marketing arm of business. As part of the agreement, the ICO will in due course carry out the consensual audit of the Limited group’s direct marketing, general DP process and governance structure.

The company in question states that ‘Somerset Bridge Insurance Service Limited recognises its duty of cooperation with the ICO and the vital importance of protecting personal information, and is robustly committed to upholding the data protection rights of its customers moving forward’.

See more on the Statement on an agreement reached between Somerset Bridge Insurance Services Limited and the ICO | ICO

This comes as the ICO has issued a fine to a home improvement firm for the amount of £200,000 for disturbance of more than half a million unsolicited marketing calls to previous customers contacted beyond the data retention period.

Using the Telephone Preference Service (TPS) Home2Sense Ltd made nuisance calls between June 2020 and March 2021, offering insulation services to people registered with TPS.

They amassed more than 60 complaints and there were two main accounts seen as illegal-

Numbers that have been registered for more than 28 days should not be used for marketing calls unless the receiver has notified they do not object. Some complainants were from years ago.

The company was identifying itself using different trading names during the calls.

Home2Sense Ltd told ICO investigators that customer data was acquired from an “unknown source” and blamed its staff for not screening the phone numbers in their database against the TPS

Ken Macdonald, Head of ICO Regions, said: “Business owners operating in this field have a duty to have robust procedures and training in place so the law is followed. Attempts to rely on ignorance of the law, or trying to pass the buck onto members of staff or external suppliers, will not be tolerated.”

The ICO has also issued the company with an enforcement notice ordering them to stop making unsolicited marketing calls.

Find out more at Welsh company fined £200,000 for making nuisance marketing calls | ICO

The Privacy and Electronic Communications Regulations (PECR) give people specific privacy rights in relation to electronic communications. There are specific rules on:

  • marketing calls, emails, texts and faxes;
  • cookies (and similar technologies);
  • keeping communications services secure; and
  • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

Here are some guidelines on best practice for Electronic Digital Marketing courtesy of the DPC.